paulkmoore/TestServlet.java

## TestServlet.java
package com.example.resource;

import javax.servlet.ServletException;
import javax.servlet.annotation.HttpConstraint;
import javax.servlet.annotation.ServletSecurity;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.core.Response;
import java.io.IOException;

/**
 * Created with IntelliJ IDEA.
 * User: paulkmoore
 * Date: 13/02/2014
 * Time: 15:08
 * To change this template use File | Settings | File Templates.
 */
@WebServlet(name = "TestServlet")
//@ServletSecurity(@HttpConstraint(rolesAllowed = {"user"}))
public class TestServlet extends HttpServlet {
  protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    response.setStatus(Response.Status.OK.getStatusCode());
    response.flushBuffer();
  }
}

## web.xml
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
         version="3.1">
    <security-role>
        <role-name>user</role-name>
    </security-role>

    <servlet>
        <servlet-name>test</servlet-name>
        <servlet-class>com.example.resource.TestServlet</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>test</servlet-name>
        <url-pattern>/testservlet</url-pattern>
    </servlet-mapping>

    <!--Equivalent of @ServletSecurity annotation-->
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>test</web-resource-name>
            <url-pattern>/testservlet</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>user</role-name>
        </auth-constraint>
    </security-constraint>
</web-app>
	package com.example.resource;

	import javax.servlet.ServletException;
	import javax.servlet.annotation.HttpConstraint;
	import javax.servlet.annotation.ServletSecurity;
	import javax.servlet.annotation.WebServlet;
	import javax.servlet.http.HttpServlet;
	import javax.servlet.http.HttpServletRequest;
	import javax.servlet.http.HttpServletResponse;
	import javax.ws.rs.core.Response;
	import java.io.IOException;

	/**
	* Created with IntelliJ IDEA.
	* User: paulkmoore
	* Date: 13/02/2014
	* Time: 15:08
	* To change this template use File \| Settings \| File Templates.
	*/
	@WebServlet(name = "TestServlet")
	//@ServletSecurity(@HttpConstraint(rolesAllowed = {"user"}))
	public class TestServlet extends HttpServlet {
	protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
	response.setStatus(Response.Status.OK.getStatusCode());
	response.flushBuffer();
	}
	}
	<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
	version="3.1">
	<security-role>
	<role-name>user</role-name>
	</security-role>

	<servlet>
	<servlet-name>test</servlet-name>
	<servlet-class>com.example.resource.TestServlet</servlet-class>
	</servlet>
	<servlet-mapping>
	<servlet-name>test</servlet-name>
	<url-pattern>/testservlet</url-pattern>
	</servlet-mapping>

	<!--Equivalent of @ServletSecurity annotation-->
	<security-constraint>
	<web-resource-collection>
	<web-resource-name>test</web-resource-name>
	<url-pattern>/testservlet</url-pattern>
	</web-resource-collection>
	<auth-constraint>
	<role-name>user</role-name>
	</auth-constraint>
	</security-constraint>
	</web-app>